The simplest site hacking

The article is written for those for whom a hacker is a person who has green numbers running on the monitor. You won't be able to crack anything serious with this method, or you will.

Preparation.

1. Tools.

We will need only 3 of the set. Moreover, even demo versions are suitable:

a) Xspider - scans the server and site for open ports and checks them against its own vulnerability database. The demo version doesn't tell you exactly where the vulnerabilities were found, but it does tell you that they are there. That's enough for us.

b) Havij - since we will be hacking only through SQL injection, you won't find anything better for it. Here it is better to search for a crack, because not all databases are supported in the free version; fortunately, cracks are Googled instantly.

c) WSO 2.5.1 (web shell). So that what you do looks like real hacking.

2. Ass protection.

This is a matter of taste; VPN + proxy is quite enough. If there are no defaces, deletions, or other unpleasant things visible to the admin, then you will most likely not even be noticed.

3. Let's go.

We are looking for a target; everything is simple here. Write any word in Google and click search. Take the desired site and put it in Xspider, click scan. Along the way, go to 2ip.ru, for example, and also look for neighbor sites of your almost hacked site with money. Grab them and throw them into Xspider, too. We wait...

Let's say Xspider managed and found something. We open the asshole and see what we have there under 80/tcp - HTTP. Hurray! SQL-inj is written there in red. We are lucky today, we continue.

Since it does not say where this vulnerability was found, we will ask Google. Write the query:

site:victim.<url> inurl:=

All links with parameters will be shown to us.

That's what we need.

33% done.

Launch Havij.

In target, enter the link as in the example. It should be similar to the one that the honourable Google shared with us.

You don't need to push anything else, just let those who don't give a shit do it. Click Analyze. It's working! The letters ran. For more effect, set it to full-screen mode. If nothing worked out, then fuck it, this site is not worthy of our attention; move on. If it worked and a db was found, then in the Tables tab click the buttons from left to right in turn: Get DB, Get Tables (bad memory, but something like that). Now we are looking for something similar to user, admin, etc. We open them, tick whatever looks like login and pass, and then click Get Data.

If you're lucky, you'll get both the username and the password right away. But usually the password is encrypted, and we have to go to our friend Google and simply type the hash into it. Here we will dig around a little and look for it; in huge lists it will be faster to press Ctrl+F and search for the hash there.

So. We have an admin username and password. What's next? Open Havij and click on the Find Admin button; there is only one column and one button, so you will figure it out.

4. Admin panel.

In principle, we can stop here. But achieving the goal does not stop us and we want more. Now there will be few specifics, because there are a lot of different types of admin panels. Look in the admin panel for any way to upload a file, or better yet, a file manager, and upload our WSO shell. IMPORTANT: see which folder you are uploading it to, whether the name changes, and so on. In general, we need its specific address, which we go to and write root in the password window. You are amazing and you have the inside of the site in front of you; you can have fun, merge databases, climb, dig, etc. Optionally re-upload and rename the shell somewhere where it will not be particularly noticeable.

--

If something doesn't work out at any stage, then we just look for another victim and start again. It will definitely work out someday.
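Seen from the defending side, the steps in this post leave a recognizable trail in the web server's access log: injection strings in URL parameters, guessed admin paths answered with 404, and a script served from an upload folder. The detector below is an added example, not part of the original post; the log lines, paths, token list and threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit

# Constructed sample access log (documentation IPs, hypothetical paths).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2023:13:55:01 +0000] "GET /news.php?id=12 HTTP/1.1" 200 5120
203.0.113.9 - - [10/Oct/2023:13:56:10 +0000] "GET /news.php?id=12%27 HTTP/1.1" 500 310
203.0.113.9 - - [10/Oct/2023:13:56:11 +0000] "GET /news.php?id=12+UNION+SELECT+1,2,3 HTTP/1.1" 200 5300
203.0.113.9 - - [10/Oct/2023:13:57:00 +0000] "GET /admin/ HTTP/1.1" 404 210
203.0.113.9 - - [10/Oct/2023:13:57:01 +0000] "GET /administrator/ HTTP/1.1" 404 210
203.0.113.9 - - [10/Oct/2023:13:57:02 +0000] "GET /adm/login.php HTTP/1.1" 200 900
203.0.113.9 - - [10/Oct/2023:14:02:30 +0000] "POST /adm/upload.php HTTP/1.1" 200 120
203.0.113.9 - - [10/Oct/2023:14:02:45 +0000] "GET /uploads/img_0412.php HTTP/1.1" 200 7000
"""

# Client IP, method, request target and status from a common/combined log line.
LINE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Coarse SQL-injection tokens, matched against the URL-decoded query string.
SQLI = re.compile(r"(?i)union\s+select|information_schema|order\s+by\s+\d+|'|--")
# Assumed admin-style and upload locations; adjust to the real site layout.
ADMIN = re.compile(r"(?i)^/(admin|administrator|adm|cpanel|manage)\b")
UPLOADED_SCRIPT = re.compile(r"(?i)^/uploads/.*\.(php\d?|phtml)$")


def analyze(log_text, admin_404_threshold=2):
    """Return {client_ip: sorted list of indicator tags} for one log."""
    findings = defaultdict(set)
    admin_404 = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _method, target, status = m.groups()
        url = urlsplit(target)
        # Decode %27, '+' and similar before matching, as scanners encode them.
        if SQLI.search(unquote_plus(url.query)):
            findings[ip].add("sqli_probe")
        # Repeated misses on admin-like paths indicate admin-panel guessing.
        if ADMIN.match(url.path) and status == "404":
            admin_404[ip] += 1
            if admin_404[ip] >= admin_404_threshold:
                findings[ip].add("admin_path_guessing")
        # An upload folder should never serve executable script files.
        if UPLOADED_SCRIPT.match(url.path) and status == "200":
            findings[ip].add("script_served_from_uploads")
    return {ip: sorted(tags) for ip, tags in findings.items()}
```

A client that collects all three tags warrants immediate review of the queried parameter, the admin accounts, and the contents of the upload directory.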
 